Hi everyone – there’s no summer vacation for the NCM team. We just got NCM 6.0 out the door, and we’re already hard at work on a number of new features. In addition to the routine set of fixes, new device templates, and other optimizations – we’re working on:

Improved Policy Reports – import and export policies, rules, and possibly whole reports. Check for violations in config blocks (interface-level checking). We’re also looking at enhancing the user interface to make policy creation more intuitive and management much simpler.

Support for multiple config types – you’ve asked for this, and we’re working on it now.

Additional IpV6 support – NCM already has IpV 6 support for many activities, and we’re working on additional support.

Improved inventory management – we are working on making this process easier and the reports even more useful.

We are indeed working on bringing global search to the integration module (it's only in the standalone website right now). I think that is the search you are referring to? On the real-time change alerts - that's definitely in the plan, but it's a little lower in the priorities. We know it's a pain to set those up though, so we'll be addressing that soon.

If you means support for multiple contexts (Cisco ACE, ASA and FWSM), I will be eager to see that.

There might be workaround available, however it is not native and actually a lot of work to setup for each contexts per device. We are using context extensively and it is not quite practical to use the workaround.

Hi Don - moving more functionality to the web is definitely our long-term goal. We'll have more and more functionality ported with each release. The policy reporter improvements we're working on now will all be web-based - so look for that soon!

I'd like to have a LLDP inventory similar to the CDP inventory. Someone posted a script to add interface descritpions based on CDP results. I'd love to do that with LLDP since we are not a big Cisco shop

If you have seen any of my Config Change Template questions, this function needs some more quality time. It just barely works:

1. There is no way to get real-time feedback from the CLI, such as to test for successful command execution. I'd also like to be able to set an exit errorlevel so that the template would flag execution errors. You have to check each execution output file for errors manually.

2. It's not documented if you can use NCM system variables in templates. Getting the date, the name of the login user, etc would be helpful.

3. The template editor has no syntax checking. Checking for pairs of curly brackets would be most helpful. Colored syntax checking (like the VIM editor has in Linux has) would be very helpful. A lookup for variables to insert would also be helful.

4. The validate option doesn't seem to do much. Validation really comes when you try to run the template, and it doesn't give line numbers or anything to debug.

5. Is there a way to stop the Web UI from timing out? I have lost work on scripts several times with the Web UI logs out and I have to log back in. Don't see a way in the Admin settings.

#6 When you go to execute a CCT, the dialog for picking devices to apply it to has no way to filter or sort. I need AT LEAST the IP address listed.

7. I'm having a hard time figuring out which devices I've applied the template to and which I have not. I'd sure like to be able to sort devices by which template were applied, or at the least the date last updated.

Ok Smartd - It took me a little time but I have answers - comments to all your questions.

1. The issue with feedback on whether a script worked or not is that we don't know what kind of error message the device might return. That being said, I'm tracking this as a feature request for scripts in general, and I will here as well.

2. You can easily use NCM macros in the script. The only thing is that NCM macros contain ‘{}’ brackets. These brackets are used by the templates as well. So, in order to avoid collision – macros can be used in the following way:

string @macros='${date}'

CLI

{

show @macros

}

3 & 4. The syntax check - That's your "validate" button. The syntax check is also performed automatically when you try to execute a template.

5. Are you getting a session timeout here? You say it happens a lot? I will look into this one a bit more.

6&7 - I got those entered as feature requests.

All in all - we haven't had just a lot of feedback on the CCT - so this is really good stuff. Please let me know if you have more ideas or let me know if you any comments on my comments!

Questionario - we do have it, but I assume you meant that you're looking for what user is logged in. You've seen the "discovered links" report in Orion yes? (reports->topology reports->discovered links). What user is logged in is coming up on the road map.

Well see - now that's what I get for assuming. As far as monitoring every phone and PC - you just have to monitor the interfaces they are attached to. But when you are working with devices that are wirelessly connected - you will see them without incrementing your license.

I still don't quite understand why you don't just use the TCL Expect language in your product for doing config updates and device templates. You could choose to not implement "spawn", but using an existing Expect language means all programming docs and tutorials are already covered on the internet AND you could use modifications of existing RANCID scripts in Cirrus. Just expose the database variables and we could automate anything. Adding a tool like AutoIT to automate HTTP interfaces would complete the toolset for web-only interfaces.

CatTools had this phobia as well, requiring script changes to be compiled and encrypted by the Kiwi folks.

The ability to create compliance rules from the web browser would be great.

Also, being able to deploy config snipets to specific devices that are found to be compliant/not compliant from the compliance manager view in the web site.

For instance when you get the warning state of the device you can currently drill down into that device for more information. It would be nice to either have an option to deploy a configuration from that site or to right click on the warning indication.

Hi Chris - I can't give you dates because of our public company rules (such a drag), but I can speak in vague terms - so vaguely - I can say - in the next months. We're already doing customer walk-throughs of some of the features, so it's moving right along.

Hi Damien - pretty much everything we were working on made it in to the RC. Here is an overview:

Improved Policy Reporter – Interface-level policy checking, improved performance, and a completely new, web interface and workflow. Thwack integration enables sharing both inside and outside the organization. Additionally, a syntax checker allows you to see how rules will be applied to a chosen config. You will find all of this in the Orion/NCM integration piece.

Support for multiple config types – Backup and restore configs of whatever type you prefer.

Hi Questionario - the inventory reports improvements are mainly around the web UI and performance. We didn't actually add any new reports in this RC. We do have a Cisco inventory report with serial numbers in the product though - what were you needing in the report that you sent?

There's no intentional syncing between APM and NCM GA dates. We just started our RC with NCM.

I tried the built-in serial report in NCM which is practically useless unless you put a lot of work in it everytime you export it into excel, it lists items that don't even have a serial.

The report I linked I would guess is what everybody would be looking for, perfect to send on which items you need a smartnet contract or something similar for. it lists basically everything you can exchange in your hardware.

I would also like to note that the way NCM presents reports on the web look nice but are not too practical for most larger reports, there should be an option to show the whole report like it does in NPM.

Also a filter option on import jobs from NPM so we can be selective in wha goes into NCM. For example we have to moinitor APC UPS used with all of the routers but the import job pulls them into NCM so i have to create filters on the backups jobs to keep them from appearing as errors in the logs

Also a filter option on import jobs from NPM so we can be selective in wha goes into NCM. For example we have to moinitor APC UPS used with all of the routers but the import job pulls them into NCM so i have to create filters on the backups jobs to keep them from appearing as errors in the logs

Been back to working with policy manager a bit and have a few features I'd love to see...

1) Add a "copy" function to managing rules/policies. We're trying to produce our policies to match the written policies of our security team, so we have several rules that are very similar with just minor changes because they are different written rules. It would be much easier to copy the rules rather than having to put them in each time. Plus, if you're working on modifying or enhancing a rule, rather than working on the original it would be nice to make a copy and play with that.

2) You can test rules against live configs in your database, however - if you want to test against things it should be failing on you might not want to have to modify your configs with the things your testing to make sure they fail, save the config, update the database and then test. So, I propose a text box you can paste a config snippet into and then "test" your rule to see if it works/fails. I would think this would be awesome for debugging rules.

3) When working with rules I tend to need to see what rules are already there, or want to only see the rules I created. This is pretty easy to do by using the "search" box, which quickly filters down the rules to only what you want to see. The problem is, that search box gets cleared when doing just about anything and your back to having the whole list of rules up there again. How about either changing the search box so it is a "filter" box instead which is persistent, or adding a separate filter box or something?

4) On the same line as the one above, if I'm managing my rules and have the list up, I might want to sort by "Folder" rather than "Rule Name". Easy to do by just clicking on that column, however, once again it clears when you do just about anything. How about making this persistent, or allowing us to customize the view? Maybe have the ability to take out columns if you don't want them. Or even maybe allow you to only view rules that are assigned to a report. See lots of potential "usability" in this...

I assume feature requests are not out of line here. This is a big one that I haven't seen mentioned. I'm going to post a request for the same thing in the IPAM topic.

MSP support (multitenancy).

You guys are already on track with NPM and the EOC. Taking ALL data and putting it into a customer context, and making the server architecture work in a distributed fashion accordingly. I want all your products (especially IPAM and NCM at the moment) to function the same way. That might mean a LOT of redesign from the ground up, so you may decide that demand doesn't justify the overhaul. Either way, if you could indicate whether or not this feature is under discussion and/or where it stands, that would help me decide whether or not to buy NCM right now.

Keep this in mind. If you DO modify the server application to be multi-tenant aware, avoid this pitfall. In many cases, it might make sense to have a dedicated "Polling/NCM node" for each customer. However, where small customers have 1-5 routers, a full blown installation can't be justified. Thus, a lightweight remote-poller version of the application with an SSL tunnel back to the central server is the ideal strategy. Even then, the ability to have multiple customers on some polling nodes is also ideal. Same with NPM and APM.

This comes from broad experience in the MSP sector, with many applications having varying degrees of support, and strategies for supporting multi-tenancy. This type of strategy has licensing implications, but it would be wise to create a totally separate license approach for MSP's anyway.

1: I would like to see improvements in the access to config change templates, meaning a ability to restrict users to certain CCT. As if you wanted to create a helpdesk user account and then create a change template that allowed them to add a port into a certain VLAN for instance, but you did not want them to be able to see any of the other types of templates you created.

2: more roles defined in NCM as well as AD group functionality

3: More import DB options as if you want this tool to be enterprise class it needs access to other types. like Oracle or MYSQL and POSTGRESQL. many companies have a CMDB now and want to feed that info into a product like this. Also have the ability to have filters on the import data sources as well, so not just for certain import types but for all import types. so I want to only filter on Cisco devices or multiple vendors in my import datasource , whether it is a file or a database.

4: EOL/EOS type functionality, so an ability to enter this data youself and then to be able to alert and report on it.

Actions

More Like This

Retrieving data ...

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining.

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website,
you consent to our use of cookies. For more information on cookies, see our cookie policy.